SOLVED

Intune - Windows 10 Login Restriction with Affinity

%3CLINGO-SUB%20id%3D%22lingo-sub-1097991%22%20slang%3D%22en-US%22%3EIntune%20-%20Windows%2010%20Login%20Restriction%20with%20Affinity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1097991%22%20slang%3D%22en-US%22%3E%3CP%3EI%20need%20to%20restrict%20the%20login%20user%20of%20Windows%2010%20with%20Intune.%3C%2FP%3E%3CP%3ECan%20I%20do%20it%2C%20and%20how%3F%3C%2FP%3E%3CP%3ERegards%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1097991%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAffinity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ewindows%2010%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1098043%22%20slang%3D%22en-US%22%3ERE%3A%20Intune%20-%20Windows%2010%20Login%20Restriction%20with%20Affinity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1098043%22%20slang%3D%22en-US%22%3EHello%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F80144%22%20target%3D%22_blank%22%3E%40Nayuta%3C%2FA%3E%20!%20What%20kind%20of%20login%20restriction%20do%20you%20want%20to%20achieve%3F%20Is%20it%20for%20a%20specifit%20application%3F%20Please%20give%20a%20bit%20more%20information.%20Kind%20Regards%20Oliwer%20Sj%C3%B6berg%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1107528%22%20slang%3D%22en-US%22%3ERE%3A%20Intune%20-%20Windows%2010%20Login%20Restriction%20with%20Affinity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1107528%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F345947%22%20target%3D%22_blank%22%3E%40oliwer_sjoberg%3C%2FA%3E%2C%26nbsp%3BI%20need%20to%20block%20non-affinity%20user%20sign-in%20to%20Windows%2010%20and%20permit%20sign-in%20only%20an%20affinity%20user%20and%20additional%20local%20administrators.%3C%2FP%3E%3CP%3EI%20thought%20it%20is%20a%20function%20area%20of%20the%20Intune%2C%20however%2C%20maybe%20is%20it%20about%20Azure%20AD%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1117172%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20-%20Windows%2010%20Login%20Restriction%20with%20Affinity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1117172%22%20slang%3D%22en-US%22%3E%3CP%3EHey%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F80144%22%20target%3D%22_blank%22%3E%40Nayuta%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Eif%20we%20talking%20about%20Windows%2010%20Azure%20AD%20joined%20(AADJ)%20devices%2C%20there%20is%20currently%20no%20login%20restriction%20available.%20As%20soon%20as%20AADJ%20all%20Azure%20AD%20member%20can%20logon.%20With%20Autopilot%20they%20are%20not%20necessarily%20local%20administrators%20but%20there%20is%20an%20option%20to%20assign%20local%20administrators%20to%20certain%20AAD%20user%20in%20AAD.%20A%20login%20restriction%20to%20the%20enrollment%20user%20is%20not%20possible%20at%20the%20moment.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ebest%2C%3C%2FP%3E%0A%3CP%3EOliver%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1124426%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20-%20Windows%2010%20Login%20Restriction%20with%20Affinity%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1124426%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F174439%22%20target%3D%22_blank%22%3E%40Oliver%20Kieselbach%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20for%20answering%20my%20question.%20I%20completely%20understand%20the%20current%20Azure%20AD%20and%20Intune%20limitations.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EVery%20Best%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Enayuta%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I need to restrict the login user of Windows 10 with Intune.

 

Can I do it, and how?

 

Regards,

4 Replies
Hello @Nayuta ! What kind of login restriction do you want to achieve? Is it for a specifit application? Please give a bit more information. Kind Regards Oliwer Sjöberg

Hi @oliwer_sjoberg, I need to block non-affinity user sign-in to Windows 10 and permit sign-in only an affinity user and additional local administrators.

I thought it is a function area of the Intune, however, maybe is it about Azure AD?

best response confirmed by Nayuta (Occasional Contributor)
Solution

Hey @Nayuta,

 

if we talking about Windows 10 Azure AD joined (AADJ) devices, there is currently no login restriction available. As soon as AADJ all Azure AD member can logon. With Autopilot they are not necessarily local administrators but there is an option to assign local administrators to certain AAD user in AAD. A login restriction to the enrollment user is not possible at the moment.

 

best,

Oliver

Hi @Oliver Kieselbach,

 

Thank you for answering my question. I completely understand the current Azure AD and Intune limitations.

 

Very Best,

 

nayuta